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ktiAuthenticator 6.5 Administrator 


1.Which two features of FortiAuthenticator are used for EAP deployment? (Choose 


two) 

A. Certificate authority 

B. LDAP server 

C. MAC authentication bypass 
D. RADIUS server 

Answer: AD 


2.Which EAP method is known as the outer authentication method? 


A. MSCHAPv2 
B. PEAP 
C. EAP-GTC e 
D. EAP-TLS e 
Answer: B e? 
aS 
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3.You are a FortiAuthenticator administrator for a large gÿanization. Users who are 
configured to use FortiToken 200 for two-factor autherfication can no longer 
authenticate. = 
You have verified that only the users with two- faétor authentication are experiencing 
the issue. Wa 
What can cause this issue? Wa 
A. FortiToken 200 license has expired. 
B. One of the FortiAuthenticator devjoċs i in the active-active cluster has failed. 
C. Time drift between FortiAuthentiċator and hardware tokens. 
D. FortiAuthenticator has lost gohitact with the FortiToken Cloud servers. 
Answer: C M 
E d 

Ku 
4 What is the functio of RADIUS profiles and realms in authentication? 
A. They provide s sècure encryption for user data 
B. They enablé remote access to user files 
C. They authenticate users based on their IP addresses 
D. They manage authentication settings and methods for RADIUS users 


Answer: D 


5.Which protocol is commonly used for RADIUS single sign-on (RSSO) to integrate 
third-party logon events with Fortinet Single Sign-On (FSSO)? 

A. HTTP 

B. SNMP 

C. RADIUS 


D. DNS 
Answer: C 


6.A device that is 802.1X non-compliant must be connected to the network. 
Which authentication method can you use to authenticate the device with 
FortiAuthenticator? 

A. EAP-TTLS 

B. EAP-TLS 

C. MAC-based authentication 

D. Machine-based authentication 

Answer: C 
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7.You are the administrator of a large network and you want to trak your users by 
leveraging the FortiClient SSO Mobility Agent. As part of the deployment you want to 
make sure that a bad actor will not be allowed to authentica#é with an unauthorized 
AD server and appear as a legitimate user when reporte y the agent. 
Which option can prevent such an attack? ae 
A. Add only the trusted AD servers to a valid serves’ group. 
B. Change the Secret key in the Enable authentiċàtion option for the FortiClient 
Mobilitv Agent Service. Ħa 
C. Enable the Enable RADIUS accounting SO clients method. 
D. Enable the Enable NTLM option in the FortiClient Mobility Agent Service. 
Answer: D P 


8.Which of the following seryites can be configured for remote authentication in 
FortiAuthenticator? Ý 

A. Online shopping $$ 

B. Social media intgGration 

C. Remote desktób access 

D. Virtual reality gaming 

Answer: C 


9.In a PKI infrastructure, what is the purpose of the root certificate? 
A. It is used for encrypting sensitive user data 

B. It is a backup certificate for emergency situations 

C. It is the certificate of the end user in a communication 

D. It is the highest-level certificate that signs other certificates 
Answer: D 


10.Which of the following is a recommended practice when configuring 
FortiAuthenticator for deployment? 

A. Disabling all authentication methods except one 

B. Using the default factory settings for quicker deployment 

C. Enabling all available authentication methods for flexibility 

D. Disabling all user roles to simplify access control 

Answer: A 


11.What is the benefit of integrating FortiAuthenticator with Active Directory for single 
sign-on? 

A. It prevents any user logon events from being recorded e 

B. It allows users to authenticate using only their email addresses Ka 

C. It centralizes user management and reduces password fatigue 

D. It requires users to use different credentials for different regglirces 


Answer: C o 
$ 


a 
Q 7 
G ; . 
12.In the context of FortiAuthenticator, what is the purpose of active authentication? 
A. Enforcing access controls based on user identity 


B. Encrypting network traffic ĦA 
C. Managing firewall rules $ 
D. Detecting hardware failures Ħal 
Answer: A P 
SU 
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13.Which of the following staðments is true regarding RADIUS authentication? 
A. It only supports local user accounts 

B. It's a protocol used exclusivelv for email authentication 

C. It's commonly used for wireless network authentication 

D. It's a type of kidmetric authentication 

Answer:C $€ 


14.A svstem administrator wants to integrate FortiAuthenticator with an existing 
identitv management svstem with the goal of authenticating and deauthenticating 
users into FSSO. 

A. The ability to import and export users from CSV files 

B. RADIUS learning mode for migrating users 

C. REST API 

D. SNMP monitoring and traps 

Answer: C 


15.FortiAuthenticator has several roles that involve digital certificates. 

Which role allows FortiAuthenticator to receive the signed certificate signing requests 
(CSRs) and send certificate revocation lists (CRLs)? 

A. Remote LDAP server 

B. EAP server 

C. SCEP server 

D. OCSP server 

Answer: C 


16.Which statement about captive portal policies is true, assuming a Single policy has 
been defined? e 
A. Portal policies apply only to authentication requests coming frath unknown 
RADIUS clients er 
B. All conditions in the policy must match before a user is présented with the captive 
portal. S 
C. Conditions in the policy apply only to wireless users” 
D. Portal policies can be used only for BYODs. $ 
Answer: B rà 
4 
$ 
17.How can tags be used to generate Esfiinet Single Sign-On (FSSO) events? 
A. By attaching physical tags to users" devices 
B. By automatically categorizing loĝon events using predefined labels 
C. By sending notifications to users about authentication events 
D. By creating custom login,streens 
Answer: B $ 
eU 
Sj í 
18.Which two typés of digital certificates can you create in FortiAuthenticator? 
(Choose two.) * 
A. Third-party root certificate 
B. User certificate 
C. Organization validation certificate 
D. Local services certificate 
Answer: BD 


19. Which of the following is a benefit of using role-based access control (RBAC) in 
FortiAuthenticator? 
A. It eliminates the need for authentication 


B. It assigns the same permissions to all users 

C. It provides granular control over user access based on their roles 
D. It automatically generates strong passwords for users 

Answer: C 


20.What are tokens commonly used for in authentication systems? 
A. Sending text messages 

B. Displaying the current time 

C. Generating random security codes 

D. Storing biometric data 

Answer: C 
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21.What is the purpose of configuring and managing user accounts in 


FortiAuthenticator? e 
A. To create a separate network for users Af 
B. To generate secure passwords for users gY 
ne, M 
C. To control user access to resources based on theig fdentity 
D. To monitor user's internet usage patterns S 
Answer: C e 
S 
4° 
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22.You are an administrator for a large, eħterprise and you want to delegate the 
creation and management of guest ysers to a group of sponsors. 
How would you associate the guest accounts with individual sponsors? 
A. As an administrator, you cassign guest groups to individual sponsors. 
B. Guest accounts are assqelated with the sponsor that creates the guest account. 
C. You can automatically dd guest accounts to groups associated with specific 
sponsors. Pd 
D. Select the sponsét on the guest portal, during registration. 
Answer: B S 
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